US7965717B2 - Multi-staged services policing - Google Patents

Multi-staged services policing

Info

Publication number
US7965717B2
Authority
US
United States
Prior art keywords
policer
services
traffic
upstream
downstream
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related, expires
Application number
US10/645,489
Other versions
US20040141462A1 (en
Inventor
Nalin Mistry
Abdulkadev Barbir
Wayne Ding
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
RPX Clearinghouse LLC
Original Assignee
Nortel Networks Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nortel Networks Ltd
Priority to US10/645,489 (US7965717B2)
Assigned to NORTEL NETWORKS LIMITED. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BARBIR, ABDULKADEV; DING, WAYNE; MISTRY, NALIN
Priority to PCT/CA2004/000019 (WO2004066565A1)
Publication of US20040141462A1
Priority to US13/164,227 (US20110242981A1)
Application granted
Publication of US7965717B2
Assigned to Rockstar Bidco, LP. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: NORTEL NETWORKS LIMITED
Assigned to ROCKSTAR CONSORTIUM US LP. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: Rockstar Bidco, LP
Assigned to RPX CLEARINGHOUSE LLC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BOCKSTAR TECHNOLOGIES LLC, CONSTELLATION TECHNOLOGIES LLC, MOBILESTAR TECHNOLOGIES LLC, NETSTAR TECHNOLOGIES LLC, ROCKSTAR CONSORTIUM LLC, ROCKSTAR CONSORTIUM US LP
Assigned to JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT. SECURITY AGREEMENT. Assignors: RPX CLEARINGHOUSE LLC, RPX CORPORATION
Assigned to RPX CORPORATION, RPX CLEARINGHOUSE LLC. RELEASE (REEL 038041 / FRAME 0001). Assignors: JPMORGAN CHASE BANK, N.A.
Assigned to JEFFERIES FINANCE LLC. SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: RPX CLEARINGHOUSE LLC
Assigned to RPX CLEARINGHOUSE LLC. RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: JEFFERIES FINANCE LLC
Expired - Fee Related (current legal status)
Adjusted expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/16 Flow control; Congestion control in connection oriented networks, e.g. frame relay
    • H04L47/20 Traffic policing
    • H04L47/24 Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2441 Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
    • H04L47/32 Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames

Definitions

  • the present invention relates to services policing in data communications networks and, in particular, to multi-staged services policing.
  • a provider of data communications services typically provides a customer access to a large data communication network. This access may be provided at an “edge device” that connects a customer network to the large data communication network.
  • the edge device may be, for instance, a router or a switch.
  • SLA Service Level Agreement
  • an SLA is a contract between a network service provider and a customer that specifies, usually in measurable terms, what services the network service provider will furnish. In order to enforce the SLA, these service providers often rely on “policing”.
  • Policing involves the inspection of traffic and then the taking of an action based on various characteristics of that traffic. These characteristics may be, for instance, based on whether the traffic is over or under a given rate, or based on some bits in the headers of the traffic. Such bits may include a Differentiated Services Code Point (DSCP) or an indication of “IP Precedence”.
  • DSCP Differentiated Services Code Point
  • a policer may either discard a packet of traffic or modify some aspect of the packet of traffic, such as the Internet Protocol (IP) Precedence of the packet of traffic, when it is determined, by the policer, that the packet of traffic meets a given criterion.
  • IP Internet Protocol
  • the policer can police based on such traffic attributes as the aggregate maximum bandwidth allowed for a set of flows, the maximum bandwidth allowed for each single flow, number of flows allowed and special treatment to be applied to any excess traffic.
  • service providers could furnish a customer with a dedicated point-to-point connection to, for instance, connect a branch office to a main office.
  • service providers have been evolving to offer leased line connections over shared network infrastructure. That is, a dedicated line is used from one end point of the leased line (the customer network) to the service provider edge device, but the service provider uses a shared network to connect to the other end point of the leased line. This is often accomplished using Layer 2 technologies like Frame Relay and Asynchronous Transfer Mode (ATM).
  • Layer 2 is the Data Link layer of the commonly-referenced multi-layered communication model, Open Systems Interconnection (OSI).
  • policing has become an important tool at service providers' edge devices for enforcement of SLAs, avoidance of Denial of Service (DoS) attacks and careful and accurate bandwidth management.
  • Services policers that enforce SLAs for the above-mentioned types of Layer 2 technologies are well understood, implemented and deployed in known networks.
  • ATM Generic Cell Rate Algorithm (GCRA) policers implement policing on a per Virtual Connection/Virtual Path (VC/VP) basis. Based on preset criteria, an ATM cell received at a GCRA policer at a service provider edge device may be either transmitted into the shared network infrastructure or discarded.
  • GCRA Generic Cell Rate Algorithm
  • a multi-staged services policer implements multiple policies, at an edge device of network, on the data traffic of a single customer.
  • a policer is important, in particular, as service providers start offering Virtual Private Networking (VPN) services on Layer 2 technologies other than ATM and Frame Relay. Additionally, service providers may start offering VPN services on the IP layer and, in such cases, may wish to police with Layer 7 granularity, that is, police based on end user applications.
  • VPN Virtual Private Networking
  • a multi-staged services policer includes a downstream services policer and an upstream services policer.
  • the upstream services policer adapted to: receive a traffic unit; analyze the traffic unit; based on the analysis, transmit the traffic unit to the downstream services policer; and receive feedback from the downstream services policer.
  • a method of handling traffic units includes receiving a traffic unit, analyzing the traffic unit, based on the analysis, transmitting the traffic unit to a downstream services policer and receiving feedback from the downstream services policer.
  • a computer readable medium is provided to allow a general purpose computer to perform this method.
  • a multi-staged services policer includes a downstream services policer and an upstream services policer.
  • the upstream services policer is adapted to: receive a traffic unit; analyze the traffic unit; based on the analysis, amend the traffic unit resulting in an amended traffic unit including an amendment, where the amendment may be interpreted by the downstream services policer; and transmit the amended traffic unit to the downstream services policer.
  • a multi-staged services policer including a first services policer, a second services policer and a third services policer receiving output from each of the first services policer and the second services policer.
  • FIG. 1 illustrates a connection between a primary customer network and an edge device in a service provider network
  • FIG. 2 illustrates a multi-staged services policer present at the edge device of FIG. 1 according to an embodiment of the present invention
  • FIG. 3 illustrates one of the services policers of the multi-staged services policer of FIG. 2.
  • In a service provider network 104 such as is illustrated in FIG. 1, it is common for the service provider responsible to provide a single access point to the service provider network 104. As illustrated, this access point is an ingress edge device 108A.
  • a services policer may be included in the ingress edge device 108A. Such a services policer may, for instance, limit traffic having a given Class of Service (CoS).
  • CoS Class of Service
  • An egress edge device 108B is provided to receive traffic from the ingress edge device that is destined for the secondary customer network 106 and transmit the traffic to the secondary customer network 106.
  • a services policer may be implemented in application-specific hardware.
  • the ingress edge device 108A may be loaded with services policing software for executing methods exemplary of this invention from a software medium 112 which could be a disk, a tape, a chip or a random access memory containing a file downloaded from a remote source.
  • CoS is a type of criterion used when managing traffic in a network by grouping similar types of traffic (for example, e-mail, streaming video, voice, large document file transfer) together and treating each type as a class with its own level of service priority.
  • QoS Quality of Service
  • Class of Service technologies do not guarantee a level of service in terms of bandwidth and delivery time; they offer a “best-effort”.
  • CoS technology is simpler to manage and more scalable as a network grows in structure and traffic volume.
  • FIG. 2 illustrates an exemplary architecture for a multi-staged services policer 200 organized as a matrix of services policer blocks.
  • an input trunk may supply the multi-staged services policer 200 with traffic defined as a flow, a session, a connection, an application, etc.
  • the unit of data traffic is also dependent on the type of data traffic. For instance, the traffic unit for ATM traffic is a cell, the traffic unit for Frame Relay traffic is a frame and the traffic unit for IP traffic is a packet.
  • Each traffic unit may have some aspects in common that may be used by the various services policers when determining whether to discard or transmit the traffic unit.
  • a Real-time Transport Protocol (RTP) policer 202 and a Gaming policer 204 receive traffic units specific to their class of service and each pass output traffic units to an Expedited Forwarding (EF) CoS policer 206.
  • EF Expedited Forwarding
  • AF Assured Forwarding
  • Best Effort CoS policer 210 join the output from the EF CoS policer 206 in being received by an output trunk policer 212.
  • the output trunk policer 212 may then produce output traffic that reflects the SLA between the service provider and the customer at the source of the input trunk.
  • a traffic classifier 214 is provided to examine each traffic unit in an incoming flow of traffic units and send the traffic units to appropriate policers.
  • the criteria on which the traffic classifier 214 bases the decision to send a given traffic unit to a particular services policer may be based on a policy stored in a policy memory 216 to which the traffic classifier has access.
  • the criteria, where the traffic unit is an IP packet may, for instance, include source IP address, destination IP address and Differentiated Services Code Point.
  • the traffic classifier 214 may also restrict access to the multi-staged services policer 200 according to an Access Control List (ACL).
  • ACL Access Control List
  • the Real-Time Transport Protocol is an Internet protocol standard that specifies a way for programs to manage the real-time transmission of multimedia data over either unicast or multicast network services.
  • RTP Real-Time Transport Protocol
  • IETF Internet Engineering Task Force
  • RFC Request for Comments
  • RTP was designed by the IETF Audio-Video Transport Working Group to support video conferences with multiple, geographically dispersed participants.
  • RTP is commonly used in Internet telephony applications and does not in itself guarantee real-time delivery of multimedia data (since this is dependent on network characteristics). RTP does, however, provide the wherewithal to manage the data as it arrives to best effect.
  • FIG. 3 illustrates an exemplary one of the services policers that make up the multi-staged services policer 200 of FIG. 2.
  • an exemplary architecture for the Best Effort CoS policer 210 is illustrated.
  • the exemplary architecture includes an input port 302 for receiving traffic units from the traffic classifier 214.
  • a processor 308 receives the traffic units from the input port 302.
  • the exemplary architecture further includes a memory 310 for storing the criteria based on which an analysis may be carried out on the traffic units by the processor 308.
  • An output port 304 is included for transmitting traffic units, after the analysis by the processor 308, to the output trunk policer 212.
  • a feedback port 306 is included for receiving information from the output trunk policer 212 and passing the information to the processor 308.
  • aspects of the present invention involve arranging a group of services policers in stages in order to implement multiple policies on the data traffic of a single customer.
  • services policers are arranged in stages, one services policer precedes another and, as such, there is at least one upstream services policer and at least one downstream services policer.
  • the downstream services policer may provide the upstream services policer with information valuable in analyzing incoming traffic units for compliance with an SLA.
  • the group of services policers may be arranged in a cascade, in parallel or combination.
  • the group of services policers may be distributed among multiple elements of an edge device.
  • the upstream services policer receives a traffic unit, whether that traffic unit is an ATM cell, a Frame Relay frame, an IP packet or some other type of traffic unit.
  • the upstream services policer then analyzes the traffic unit. Such an analysis is performed to extract information from the traffic unit, such as an identity of the flow to which the traffic unit belongs or, as will be discussed further hereinafter, the application type to which the traffic unit relates.
  • the upstream services policer may then transmit the traffic unit to the downstream services policer.
  • the upstream services policer may mark the traffic unit in a manner that will be understood by the downstream services policer. Alternatively, the upstream services policer may discard the traffic unit.
  • the downstream services policer analyzes the traffic unit and acts on (transmits, marks, discards) the traffic unit accordingly.
  • the downstream services policer can transmit information (feedback) back to the upstream services policer.
  • information may relate to the state of a network to which the downstream services policer is connected or may relate to other traffic units from the same user handled by other upstream services policers.
  • the upstream services policer may receive feedback from the downstream services policer. Based on the feedback, the upstream services policer may act upon future traffic units differently than it would have in the absence of the feedback.
  • the multi-staged services policer 200 of FIG. 2 is arranged to satisfy an example service implementation, wherein a user of a given service provider purchases a single 100 Mbit/s block of aggregate Level 2 services on a trunk with an SLA including: 20 Mbit/s Voice over IP (VoIP) RTP traffic, 5 Mbit/s gaming traffic, 40 Mbit/s Premium traffic and the remainder Best Effort traffic.
  • VoIP Voice over IP
  • the RTP traffic and the gaming traffic may be handled by the services policer 200 as Expedited Forwarding (EF) traffic
  • the Premium traffic may be handled by the services policer 200 as Assured Forwarding (AF) traffic
  • the remainder of the traffic may be handled by the services policer 200 as Best Efforts traffic.
  • the traffic classifier 214 in use for such an implementation may examine the contents of each received traffic unit for an indication of whether the traffic unit is carrying RTP traffic or gaming traffic. Based on such an indication the traffic classifier may forward the traffic unit to the appropriate services policer. It may be that the customer has marked some traffic units with an indication that the marked traffic units should receive a “Premium” treatment by the service provider. The traffic classifier may be arranged to forward traffic units with such a marking to the EF CoS policer 206. Additionally, the traffic classifier may be arranged to forward all traffic units that are not marked Premium or recognizable as RTP or gaming traffic to the Best Effort CoS policer 210.
  • a services policer has been provisioned to limit traffic of a certain type
  • part of the provisioning is an establishment of rules for actions to be performed after the limit has been reached.
  • Typical known services policers discard traffic units that arrive once a limit has been reached.
  • the multi-staged approach of the present invention allows for the marking of traffic at one stage so that the traffic may be processed in a predetermined manner at a downstream stage.
  • the RTP policer 202 may be adapted to mark traffic units that are received before the 20 Mbit/s contracted limit is reached in one way and mark traffic units that are received after the 20 Mbit/s contracted limit is reached in another way. This marking may be unique to the RTP policer 202 or may be unique to the entire multi-staged services policer 200. Where the marking is unique to the RTP policer 202, the EF CoS policer 206 may be able to recognize the marking.
  • the EF CoS policer 206 may be arranged to mark traffic units received before the pre-set limit of 25 Mbit/s is reached with “E1”. There may be many options for the marking of the traffic units received after the pre-set limit of 25 Mbit/s is reached. These options may be decided upon as part of the SLA between the customer and the service provider yet not discussed thus far. For instance, it may be that the EF traffic units exceeding the pre-set limit are to be dropped. However, as it has been determined that the EF traffic units are more important than the AF traffic units, excess EF traffic units may be marked “A1” so that the excess EF traffic units are treated by the output trunk policer 212 as AF traffic units.
  • the EF CoS policer 206 may be arranged to prioritize the R0 and G0 traffic units received from the preceding services policers. Rather than simply translating the marking on the R0 and G0 traffic units to E0. Where the pre-set limit has not been reached, the EF CoS policer 206 may mark R0 traffic units with E1 until the limit is reached. If the limit is still not reached with the received R0 traffic units, G0 traffic units may then be marked E1 until the limit is reached.
  • Traffic units marked by the customer as Premium that are received before the contracted limit (40 Mbit/s according to the exemplary SLA) is exceeded may be marked “A1” by the AF CoS policer 208 and passed to the output trunk policer 212. Where excess EF traffic units have been marked “A1” as discussed above, the 40 Mbit/s limit may be reached before 40 Mbit/s of traffic units marked by the customer as Premium are received.
  • a feedback route from the output trunk policer 212 to the AF CoS policer 208 may be provided, as shown in FIG. 2, to inform the AF CoS policer 208 of the quantity of AF traffic units that have already been received by the output trunk policer 212.
  • the AF CoS policer 208 may mark traffic units received after the limit is reached, however the limit is reached, with “A0”.
  • the Best Effort CoS policer 210 may receive those traffic units that the traffic classifier 214 has determined are not carrying RTP or gaming traffic and, further, are not marked as Premium by the customer.
  • the manner in which best effort traffic units are handled by the Best Effort CoS policer 210 may be consistent with the manner in which corresponding traffic units are handled by the EF CoS policer 206 and the AF CoS policer 208. That is, traffic units received before a limit is reached are marked with “B1” and traffic units received after the limit is reached are marked with “B0”. However, the limit is not pre-set.
  • the limit is based on the amount of traffic received at the output trunk policer 212 from the EF CoS policer 206 and the AF CoS policer 208.
  • An indication of the remaining portion of the contracted total of 100 Mbit/s may be transmitted by the output trunk policer 212 to the Best Effort CoS policer 210 over a feedback path illustrated in FIG. 2.
  • traffic units received after the limit is reached may be marked with B1 to indicate that the traffic units are to be considered best effort traffic by the output trunk policer 212.
  • the Best Effort CoS policer 210 may mark traffic units received before the limit is reached with “B” and may discard any traffic units received after the limit is reached.
  • the output trunk policer 212 may have buffers in which to organize received traffic units. For instance, the output trunk policer 212 may have a buffer for traffic units marked E1, a buffer for traffic units marked A1, a buffer for traffic units marked B1 and may simply discard traffic units marked B0.
  • traffic identified as “Best Effort” may be permitted to burst up to 100 Mbit/s.
  • Most current services policers operate on a binary, or “black and white”, basis wherein a traffic unit is either allowed to pass through or is discarded.
  • the multiple stages of services policers contemplated by the present invention allow for many more types of service to be considered.
  • the policing model offered by the multi-staged services policer 200 of FIG. 2 in operation as described hereinbefore, may be said to be multicolored, where the “colors” of service are E1, A1 and B1.
  • aspects of the present invention can be applied per ATM VC/VP in addition to being applied per Data-link Connection Identifier (DLCI) in a network using Frame Relay and per Label Switched Path (LSP) in a network using IP and Multi-Protocol Label Switching (MPLS), among other applications.
  • DLCI Data-link Connection Identifier
  • LSP Label Switched Path
  • MPLS Multi-Protocol Label Switching
  • aspects of the architecture of the edge router may be interwoven with the operation of the multi-staged policer.
  • a typical edge router has an array of input line cards, an array of output line cards and a switching fabric for controllably switching traffic units received at a given input line card to a given output line card.
  • the stages may be distributed such that some stages are associated with an input line card and some stages are associated with an output line card. As such, certain of the policing functions may be specific to a customer from which the traffic units are received and certain of the policing functions may be specific to the destination of the traffic units.
  • policing may be distributed across the service provider network 104 of FIG. 1.
  • Initial policing may take place at the ingress edge device 108A and final policing may take place at the egress edge device 108B.
  • traffic units may be distinguished, or classified, by the traffic classifier 214 based on a type of content or a marking placed in the traffic unit by the customer. It is also contemplated that traffic may be prioritized by the port on which the traffic unit arrives at the edge device employing an aspect of the present invention. For instance, a single customer may have more than one link to a service provider edge device. The customer may place higher priority traffic units on a particular link or set of links.
  • the above mentioned port-based services policing may be used to give certain of the customers (say, those that pay their bills on time) priority over certain others of the customers (say, those whose accounts are in arrears).
  • wired Ethernet includes support for Quality of Service (QoS) in the form of 802.1p packet tagging based on the IEEE 802.1D specification, which defines the addition of four bytes to the legacy Ethernet frame format.
  • QoS Quality of Service
  • the defined priority tagging mechanism is known as IEEE 802.1p priority tagging, and it allows for eight levels of priority.
  • traffic units arrive at a multi-staged services policer with eight levels of priority. It may also be that the traffic units depart the multi-staged services policer with eight levels of priority. However, the levels may not map directly. For instance, if three of eight levels of priority at the output of the multi-staged services policer are reserved for some reason, the eight levels of priority of the incoming traffic units must be mapped to the remaining five levels of priority available in the multi-staged services policer. By appropriately programming individual services policers within the multi-staged services policer, such a mapping may be accomplished.
  • services policing is not limited to an ingress edge device.
  • policing task that may be assigned to a services policer is monitoring of traffic for evidence of a denial of service (DoS) attack.
  • DoS denial of service
  • a denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have.
  • One of the most dangerous forms of Denial of Service attacks is a SYN Attack.
  • a computer that initiates a communication session (an initiator) sends a TCP SYN synchronization packet to a receiving server.
  • the receiving server sends back a TCP SYN-ACK packet and then the initiator responds with an ACK acknowledgment. After this handshake, both parties are set to send and receive data.
  • Each TCP SYN packet causes the targeted system to issue a SYN-ACK response.
  • While the targeted system waits for the ACK that should follow the SYN-ACK, the targeted system queues up all outstanding SYN-ACK responses on what is known as a backlog queue.
  • This backlog queue has a finite length that is usually quite small. Once the backlog queue is full, the targeted system will ignore all incoming TCP SYN packets.
  • SYN-ACKs are moved off the queue only when an ACK comes back or when an internal timer (which is set to a relatively long interval) terminates the three-part handshake.
  • a SYN Attack creates each SYN packet in the flood with a “bad” source IP address, which identifies the original packet.
  • a source IP address is “bad” if it either does not actually exist or is down. All SYN-ACK responses are sent to the source IP address. Therefore, the ACK that should follow a SYN-ACK response will never come back. This creates a backlog queue that is always full, making it nearly impossible for legitimate TCP SYN requests to get into the system.
  • a services policer specifically designed to detect a DoS attack may be arranged to count SYN packets that pass through and discard SYN packets that exceed a pre-set limit in a set time period.
  • the traffic classifier 214 may be considered a special case of a services policer.
  • the traffic classifier, or an individual services policer, of a given multi-staged services policer employing an aspect of the present invention may look more closely at traffic units than has been previously contemplated in conjunction with Layer 2 policers.
  • service policing may be performed with a Layer 7 granularity.
  • Layer 7 is the Application layer of the previously-referenced OSI communication model concerned with end user services.
  • a services policer that is policing at Layer 7 granularity can distinguish World Wide Web traffic (HTTP) from VoIP traffic, and police accordingly. Further, policing, or traffic classification, may be performed based upon “cookies” that may be part of an exchange of HTTP traffic between a client computer in a customer network and a server computer accessed through the service provider network.
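
The SYN-counting services policer described in the list above (count SYN packets that pass through, discard those beyond a pre-set limit in a set time period), as an added example that is not code from the patent. The class and function names, the fixed-window accounting, the limit of 3 per second and the sample packets are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass

TCP_PROTO = 6
FLAG_SYN, FLAG_ACK = 0x02, 0x10


def build_ipv4_tcp(src, dst, flags, sport=40000, dport=80):
    """Constructed test input: a 40-byte IPv4+TCP header pair, checksums left at zero."""
    addr = lambda a: bytes(int(octet) for octet in a.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, TCP_PROTO, 0,
                     addr(src), addr(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp


def is_initial_syn(packet: bytes) -> bool:
    """True for an IPv4 TCP segment with SYN set and ACK clear (a connection request)."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != TCP_PROTO:
        return False
    ihl = (packet[0] & 0x0F) * 4                      # IPv4 header length in bytes
    frag_offset = struct.unpack_from("!H", packet, 6)[0] & 0x1FFF
    if ihl < 20 or frag_offset or len(packet) < ihl + 14:
        return False                                  # no TCP flags byte to inspect
    flags = packet[ihl + 13]
    return bool(flags & FLAG_SYN) and not flags & FLAG_ACK


@dataclass
class SynPolicer:
    limit: int                 # SYN packets allowed per window (the pre-set limit)
    window: float              # length of the set time period, in seconds
    window_start: float = 0.0
    passed: int = 0
    discarded: int = 0

    def police(self, packet: bytes, now: float) -> str:
        if not is_initial_syn(packet):
            return "transmit"                         # only SYNs are counted
        if now - self.window_start >= self.window:
            self.window_start, self.passed = now, 0   # a new time period begins
        if self.passed >= self.limit:
            self.discarded += 1
            return "discard"
        self.passed += 1
        return "transmit"


def run_demo():
    """Feed a constructed timeline through the policer; return decisions and drop count."""
    policer = SynPolicer(limit=3, window=1.0)
    syn = build_ipv4_tcp("198.51.100.7", "192.0.2.10", FLAG_SYN)
    ack = build_ipv4_tcp("198.51.100.7", "192.0.2.10", FLAG_ACK)
    syn_ack = build_ipv4_tcp("192.0.2.10", "198.51.100.7", FLAG_SYN | FLAG_ACK, 80, 40000)
    timeline = [(0.0, syn), (0.1, syn), (0.2, syn), (0.3, syn),
                (0.4, ack), (0.5, syn_ack), (0.6, syn), (1.2, syn)]
    return [policer.police(pkt, t) for t, pkt in timeline], policer.discarded


if __name__ == "__main__":
    print(run_demo())
```

The count is kept in aggregate rather than per source address because, as the text notes, the source addresses in a SYN flood do not identify a real sender.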

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A multi-staged services policer implements multiple policies, at an edge device of network, on the data traffic of a single customer. In such a multi-staged services policer, services policers in a given stage may receive information from policers in subsequent stages. This information may be used when policing in the given stage.
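
The staged marking and downstream-to-upstream feedback summarised in the abstract, modelled for the example SLA given in the text (100 Mbit/s trunk, 20 Mbit/s RTP, 5 Mbit/s gaming, 40 Mbit/s Premium, remainder Best Effort). This is an added example, not code from the patent. The class names, the R1/G1 in-contract marks, the single-interval arrival-order accounting and the discarding of A0 at the trunk are assumptions, and of the options the text lists for excess EF traffic it implements demotion to A1.

```python
from collections import Counter

# SLA figures from the text, read here as Mbit per one-second accounting interval.
TRUNK, RTP, GAMING, PREMIUM = 100, 20, 5, 40
EF = RTP + GAMING  # the 25 Mbit/s pre-set limit of the EF CoS policer


class OutputTrunk:
    """Downstream stage: buffers E1/A1/B1, discards the rest, sends feedback upstream."""
    def __init__(self):
        self.buffers, self.discarded, self.listeners = Counter(), Counter(), []

    def receive(self, mark, size):
        if mark in ("E1", "A1", "B1"):
            self.buffers[mark] += size
        else:  # B0 is discarded per the text; treating A0 the same way is an assumption
            self.discarded[mark] += size
        remaining = TRUNK - sum(self.buffers.values())
        for policer in self.listeners:  # the feedback paths of FIG. 2
            policer.feedback(self.buffers["A1"], remaining)


class RatePolicer:
    """First stage (RTP, gaming): marks in-contract and excess units differently."""
    def __init__(self, limit, ok_mark, excess_mark, downstream):
        self.limit, self.ok_mark, self.excess_mark = limit, ok_mark, excess_mark
        self.downstream, self.used = downstream, 0

    def receive(self, size):
        self.used += size
        mark = self.ok_mark if self.used <= self.limit else self.excess_mark
        self.downstream.receive(mark, size)


class EfPolicer:
    """Second stage: in-contract units become E1; excess EF is demoted to A1."""
    def __init__(self, limit, trunk):
        self.limit, self.trunk, self.used = limit, trunk, 0

    def receive(self, mark, size):
        if mark in ("R1", "G1") and self.used + size <= self.limit:
            self.used += size
            self.trunk.receive("E1", size)
        else:
            self.trunk.receive("A1", size)


class FeedbackPolicer:
    """Base for the upstream stages that act on feedback from the output trunk."""
    def __init__(self, trunk):
        self.trunk, self.af_received, self.remaining = trunk, 0, TRUNK
        trunk.listeners.append(self)

    def feedback(self, af_received, remaining):
        self.af_received, self.remaining = af_received, remaining


class AfPolicer(FeedbackPolicer):
    """Marks A1 until the trunk reports the AF limit reached, however it was reached."""
    def receive(self, size):
        fits = self.af_received + size <= PREMIUM
        self.trunk.receive("A1" if fits else "A0", size)


class BestEffortPolicer(FeedbackPolicer):
    """Has no pre-set limit: the limit is whatever the trunk reports as remaining."""
    def receive(self, size):
        self.trunk.receive("B1" if size <= self.remaining else "B0", size)


def run_interval(offered):
    """Police (kind, size_mbit) units in arrival order; return (buffered, discarded)."""
    trunk = OutputTrunk()
    ef = EfPolicer(EF, trunk)
    stages = {
        "rtp": RatePolicer(RTP, "R1", "R0", ef),
        "gaming": RatePolicer(GAMING, "G1", "G0", ef),
        "premium": AfPolicer(trunk),
        "best": BestEffortPolicer(trunk),
    }
    for kind, size in offered:  # classifier: anything unrecognised is best effort
        stages.get(kind, stages["best"]).receive(size)
    return dict(trunk.buffers), dict(trunk.discarded)


def constructed_load():
    """Constructed sample: 1-Mbit units, round-robin, 30 RTP / 5 gaming / 38 Premium / 50 other."""
    counts = {"rtp": 30, "gaming": 5, "premium": 38, "web": 50}
    load = []
    for i in range(max(counts.values())):
        load += [(kind, 1) for kind, n in counts.items() if i < n]
    return load


if __name__ == "__main__":
    print(run_interval(constructed_load()))
```

With the constructed load, the 10 Mbit of excess RTP traffic is demoted to A1 and consumes AF capacity, so only 30 of the 38 Mbit offered as Premium is marked A1 and the rest is marked A0.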

Description

CROSS REFERENCE TO RELATED APPLICATIONS
The present application claims the benefit of prior provisional application Ser. No. 60/440,625, filed Jan. 17, 2003.
FIELD OF THE INVENTION
The present invention relates to services policing in data communications networks and, in particular, to multi-staged services policing.
BACKGROUND
A provider of data communications services typically provides a customer access to a large data communication network. This access may be provided at an “edge device” that connects a customer network to the large data communication network. The edge device may be, for instance, a router or a switch. As such service providers have a broad range of customers with a broad range of needs, the service providers prefer to charge for their services in a manner consistent with which the services are being used. Such an arrangement also benefits the customer. To this end, a Service Level Agreement (SLA) is typically negotiated between customer and service provider.
According to searchWebServices.com, an SLA is a contract between a network service provider and a customer that specifies, usually in measurable terms, what services the network service provider will furnish. In order to enforce the SLA, these service providers often rely on “policing”.
Policing involves the inspection of traffic and then the taking of an action based on various characteristics of that traffic. These characteristics may be, for instance, based on whether the traffic is over or under a given rate, or based on some bits in the headers of the traffic. Such bits may include a Differentiated Services Code Point (DSCP) or an indication of “IP Precedence”. Although a “policer” (that which implements policing) may be a software element, today most policers are implemented in hardware. However, newer technologies are implementing policers as a combination of hardware and firmware. Such an implementation allows for high performance and high scalability to support thousands of flows and/or connections.
A policer may either discard a packet of traffic or modify some aspect of the packet of traffic, such as the Internet Protocol (IP) Precedence of the packet of traffic, when it is determined, by the policer, that the packet of traffic meets a given criterion. As an example, the policer can police based on such traffic attributes as the aggregate maximum bandwidth allowed for a set of flows, the maximum bandwidth allowed for each single flow, number of flows allowed and special treatment to be applied to any excess traffic.
Historically, service providers could furnish a customer with a dedicated point-to-point connection to, for instance, connect a branch office to a main office. However, service providers have been evolving to offer leased line connections over shared network infrastructure. That is, a dedicated line is used from one end point of the leased line (the customer network) to the service provider edge device, but the service provider uses a shared network to connect to the other end point of the leased line. This is often accomplished using Layer 2 technologies like Frame Relay and Asynchronous Transfer Mode (ATM). “Layer 2” is the Data Link layer of the commonly-referenced multi-layered communication model, Open Systems Interconnection (OSI).
With the use of these Layer 2 technologies, policing has become an important tool at service providers' edge devices for enforcement of SLAs, avoidance of Denial of Service (DoS) attacks and careful and accurate bandwidth management. Services policers that enforce SLAs for the above-mentioned types of Layer 2 technologies are well understood, implemented and deployed in known networks. For example, ATM Generic Cell Rate Algorithm (GCRA) policers implement policing on a per Virtual Connection/Virtual Path (VC/VP) basis. Based on preset criteria, an ATM cell received at a GCRA policer at a service provider edge device may be either transmitted into the shared network infrastructure or discarded.
However, as service providers evolve and the services provided change and improve, there may be a requirement for an improved services policer.
SUMMARY
A multi-staged services policer implements multiple policies, at an edge device of a network, on the data traffic of a single customer. Such a policer is important, in particular, as service providers start offering Virtual Private Networking (VPN) services on Layer 2 technologies other than ATM and Frame Relay. Additionally, service providers may start offering VPN services on the IP layer and, in such cases, may wish to police with Layer 7 granularity, that is, police based on end user applications.
In accordance with an aspect of the present invention there is provided a multi-staged services policer. The multi-staged services policer includes a downstream services policer and an upstream services policer. The upstream services policer is adapted to: receive a traffic unit; analyze the traffic unit; based on the analysis, transmit the traffic unit to the downstream services policer; and receive feedback from the downstream services policer.
In accordance with another aspect of the present invention there is provided a method of handling traffic units. The method includes receiving a traffic unit, analyzing the traffic unit, based on the analysis, transmitting the traffic unit to a downstream services policer and receiving feedback from the downstream services policer. In a further aspect of the invention, a computer readable medium is provided to allow a general purpose computer to perform this method.
In accordance with a further aspect of the present invention there is provided a multi-staged services policer. The multi-staged services policer includes a downstream services policer and an upstream services policer. The upstream services policer is adapted to: receive a traffic unit; analyze the traffic unit; based on the analysis, amend the traffic unit resulting in an amended traffic unit including an amendment, where the amendment may be interpreted by the downstream services policer; and transmit the amended traffic unit to the downstream services policer.
In accordance with a further aspect of the present invention there is provided a multi-staged services policer including a first services policer, a second services policer and a third services policer receiving output from each of the first services policer and the second services policer.
Other aspects and features of the present invention will become apparent to those of ordinary skill in the art upon review of the following description of specific embodiments of the invention in conjunction with the accompanying figures.
BRIEF DESCRIPTION OF THE DRAWINGS
In the figures which illustrate an example embodiment of this invention:
FIG. 1 illustrates a connection between a primary customer network and an edge device in a service provider network;
FIG. 2 illustrates a multi-staged services policer present at the edge device of FIG. 1 according to an embodiment of the present invention; and
FIG. 3 illustrates one of the services policers of the multi-staged services policer of FIG. 2.
DETAILED DESCRIPTION
In a service provider network 104, such as is illustrated in FIG. 1, it is common for the service provider responsible to provide a single access point to the service provider network 104. As illustrated, this access point is an ingress edge device 108A. To provide services policing on a connection between a primary customer network 102 and a secondary customer network 106 through the service provider network 104, a services policer may be included in the ingress edge device 108A. Such a services policer may, for instance, limit traffic having a given Class of Service (CoS).
An egress edge device 108B is provided to receive traffic from the ingress edge device that is destined for the secondary customer network 106 and transmit the traffic to the secondary customer network 106.
As stated hereinbefore, a services policer may be implemented in application-specific hardware. However, in an alternative implementation, the ingress edge device 108A may be loaded with services policing software for executing methods exemplary of this invention from a software medium 112 which could be a disk, a tape, a chip or a random access memory containing a file downloaded from a remote source.
CoS is a type of criterion used when managing traffic in a network by grouping similar types of traffic (for example, e-mail, streaming video, voice, large document file transfer) together and treating each type as a class with its own level of service priority. Unlike Quality of Service (QoS) traffic management, Class of Service technologies do not guarantee a level of service in terms of bandwidth and delivery time; they offer a “best-effort”. On the other hand, CoS technology is simpler to manage and more scalable as a network grows in structure and traffic volume. One can think of CoS as “coarsely-grained” traffic control and QoS as “finely-grained” traffic control.
FIG. 2 illustrates an exemplary architecture for a multi-staged services policer 200 organized as a matrix of services policer blocks. Dependent on the type of data traffic arriving at the service provider edge device, an input trunk may supply the multi-staged services policer 200 with traffic defined as a flow, a session, a connection, an application, etc. The unit of data traffic is also dependent on the type of data traffic. For instance, the traffic unit for ATM traffic is a cell, the traffic unit for Frame Relay traffic is a frame and the traffic unit for IP traffic is a packet. Each traffic unit may have some aspects in common that may be used by the various services policers when determining whether to discard or transmit the traffic unit.
As illustrated in FIG. 2, a Real-time Transport Protocol (RTP) policer 202 and a Gaming policer 204 receive traffic units specific to their class of service and each pass output traffic units to an Expedited Forwarding (EF) CoS policer 206. Output from an Assured Forwarding (AF) CoS policer 208 and a Best Effort CoS policer 210 join the output from the EF CoS policer 206 in being received by an output trunk policer 212. The output trunk policer 212 may then produce output traffic that reflects the SLA between the service provider and the customer at the source of the input trunk. A traffic classifier 214 is provided to examine each traffic unit in an incoming flow of traffic units and send the traffic units to appropriate policers. The criteria on which the traffic classifier 214 bases the decision to send a given traffic unit to a particular services policer may be based on a policy stored in a policy memory 216 to which the traffic classifier has access. The criteria, where the traffic unit is an IP packet, may, for instance, include source IP address, destination IP address and Differentiated Services Code Point. The traffic classifier 214 may also restrict access to the multi-staged services policer 200 according to an Access Control List (ACL).
The Real-Time Transport Protocol (RTP) is an Internet protocol standard that specifies a way for programs to manage the real-time transmission of multimedia data over either unicast or multicast network services. Originally specified in Internet Engineering Task Force (IETF) Request for Comments (RFC) 1889, RTP was designed by the IETF Audio-Video Transport Working Group to support video conferences with multiple, geographically dispersed participants. RTP is commonly used in Internet telephony applications and does not in itself guarantee real-time delivery of multimedia data (since this is dependent on network characteristics). RTP does, however, provide the wherewithal to manage the data as it arrives to best effect.
FIG. 3 illustrates an exemplary one of the services policers that make up the multi-staged services policer 200 of FIG. 2. In particular, an exemplary architecture for the Best Effort CoS policer 210 is illustrated. The exemplary architecture includes an input port 302 for receiving traffic units from the traffic classifier 214. A processor 308 receives the traffic units from the input port 302. The exemplary architecture further includes a memory 310 for storing the criteria based on which an analysis may be carried out on the traffic units by the processor 308. An output port 304 is included for transmitting traffic units, after the analysis by the processor 308, to the output trunk policer 212. A feedback port 306 is included for receiving information from the output trunk policer 212 and passing the information to the processor 308.
As will be apparent to a person skilled in the art, although the schematic representation of the Best Effort CoS policer 210 illustrated in FIG. 3 appears to be hardware-based, an individual policer may be implemented in software or by an application specific integrated circuit (ASIC), among other implementations.
In overview, aspects of the present invention involve arranging a group of services policers in stages in order to implement multiple policies on the data traffic of a single customer. When services policers are arranged in stages, one services policer precedes another and, as such, there is at least one upstream services policer and at least one downstream services policer. Advantageously, the downstream services policer may provide the upstream services policer with information valuable in analyzing incoming traffic units for compliance with an SLA. The group of services policers may be arranged in a cascade, in parallel or in combination. In addition, the group of services policers may be distributed among multiple elements of an edge device.
In general, the upstream services policer receives a traffic unit, whether that traffic unit is an ATM cell, a Frame Relay frame, an IP packet or some other type of traffic unit. The upstream services policer then analyzes the traffic unit. Such an analysis is performed to extract information from the traffic unit, such as an identity of the flow to which the traffic unit belongs or, as will be discussed further hereinafter, the application type to which the traffic unit relates. Based on this analysis, the upstream services policer may then transmit the traffic unit to the downstream services policer. Before transmitting the traffic unit, the upstream services policer may mark the traffic unit in a manner that will be understood by the downstream services policer. Alternatively, the upstream services policer may discard the traffic unit. Similarly, upon receiving the traffic unit from the upstream services policer, the downstream services policer analyzes the traffic unit and acts on (transmits, marks, discards) the traffic unit accordingly.
It may be arranged that the downstream services policer can transmit information (feedback) back to the upstream services policer. Such information may relate to the state of a network to which the downstream services policer is connected or may relate to other traffic units from the same user handled by other upstream services policers. As such, the upstream services policer may receive feedback from the downstream services policer. Based on the feedback, the upstream services policer may act upon future traffic units differently than it would have in the absence of the feedback.
The multi-staged services policer 200 of FIG. 2 is arranged to satisfy an example service implementation, wherein a user of a given service provider purchases a single 100 Mbit/s block of aggregate Level 2 services on a trunk with an SLA including: 20 Mbit/s Voice over IP (VoIP) RTP traffic, 5 Mbit/s gaming traffic, 40 Mbit/s Premium traffic and the remainder Best Effort traffic. According to the SLA, the RTP traffic and the gaming traffic may be handled by the services policer 200 as Expedited Forwarding (EF) traffic, the Premium traffic may be handled by the services policer 200 as Assured Forwarding (AF) traffic and the remainder of the traffic may be handled by the services policer 200 as Best Efforts traffic.
The traffic classifier 214 in use for such an implementation may examine the contents of each received traffic unit for an indication of whether the traffic unit is carrying RTP traffic or gaming traffic. Based on such an indication the traffic classifier may forward the traffic unit to the appropriate services policer. It may be that the customer has marked some traffic units with an indication that the marked traffic units should receive a “Premium” treatment by the service provider. The traffic classifier may be arranged to forward traffic units with such a marking to the EF CoS policer 206. Additionally, the traffic classifier may be arranged to forward all traffic units that are not marked Premium or recognizable as RTP or gaming traffic to the Best Effort CoS policer 210.
Where a services policer has been provisioned to limit traffic of a certain type, part of the provisioning is an establishment of rules for actions to be performed after the limit has been reached. Typical known services policers discard traffic units that arrive once a limit has been reached. The multi-staged approach of the present invention allows for the marking of traffic at one stage so that the traffic may be processed in a predetermined manner at a downstream stage.
The RTP policer 202 may be adapted to mark traffic units that are received before the 20 Mbit/s contracted limit is reached in one way and mark traffic units that are received after the 20 Mbit/s contracted limit is reached in another way. This marking may be unique to the RTP policer 202 or may be unique to the entire multi-staged services policer 200. Where the marking is unique to the RTP policer 202, the EF CoS policer 206 may be able to recognize the marking.
Consider a scenario in which the RTP policer 202 marks traffic units that are received before the 20 Mbit/s contracted limit is reached with “R1” and marks traffic units that are received after the 20 Mbit/s contracted limit is reached with “R0”. Similarly, gaming traffic received before the 5 Mbit/s limit is reached may be marked “G1” and over limit traffic units may be marked “G0”. Such marking offers the EF CoS policer 206 some flexibility in marking traffic units that are forwarded to the output trunk policer 212.
In general, according to the implementation of the SLA, the EF CoS policer 206 may be arranged to mark traffic units received before the pre-set limit of 25 Mbit/s is reached with “E1”. There may be many options for the marking of the traffic units received after the pre-set limit of 25 Mbit/s is reached. These options may be decided upon as part of the SLA between the customer and the service provider yet not discussed thus far. For instance, it may be that the EF traffic units exceeding the pre-set limit are to be dropped. However, as it has been determined that the EF traffic units are more important than the AF traffic units, excess EF traffic units may be marked “A1” so that the excess EF traffic units are treated by the output trunk policer 212 as AF traffic units.
Additionally, the EF CoS policer 206 may be arranged to prioritize the R0 and G0 traffic units received from the preceding services policers, rather than simply translating the marking on the R0 and G0 traffic units to E0. Where the pre-set limit has not been reached, the EF CoS policer 206 may mark R0 traffic units with E1 until the limit is reached. If the limit is still not reached with the received R0 traffic units, G0 traffic units may then be marked E1 until the limit is reached.
Traffic units marked by the customer as Premium that are received before the contracted limit (40 Mbit/s according to the exemplary SLA) is exceeded may be marked “A1” by the AF CoS policer 208 and passed to the output trunk policer 212. Where excess EF traffic units have been marked “A1” as discussed above, the 40 Mbit/s limit may be reached before 40 Mbit/s of traffic units marked by the customer as Premium are received. A feedback route from the output trunk policer 212 to the AF CoS policer 208 may be provided, as shown in FIG. 2, to inform the AF CoS policer 208 of the quantity of AF traffic units that have already been received by the output trunk policer 212. The AF CoS policer 208 may mark traffic units received after the limit is reached, however the limit is reached, with “A0”.
As mentioned hereinbefore, the Best Effort CoS policer 210 may receive those traffic units that the traffic classifier 214 has determined are not carrying RTP or gaming traffic and, further, are not marked as Premium by the customer. The manner in which best effort traffic units are handled by the Best Effort CoS policer 210 may be consistent with the manner in which corresponding traffic units are handled by the EF CoS policer 206 and the AF CoS policer 208. That is, traffic units received before a limit is reached are marked with “B1” and traffic units received after the limit is reached are marked with “B0”. However, the limit is not pre-set. The limit is based on the amount of traffic received at the output trunk policer 212 from the EF CoS policer 206 and the AF CoS policer 208. An indication of the remaining portion of the contracted total of 100 Mbit/s may be transmitted by the output trunk policer 212 to the Best Effort CoS policer 210 over a feedback path illustrated in FIG. 2.
Returning to the operation of the AF CoS policer 208, traffic units received after the limit is reached may be marked with B1 to indicate that the traffic units are to be considered best effort traffic by the output trunk policer 212.
In one alternative embodiment, the Best Effort CoS policer 210 may mark traffic units received before the limit is reached with “B” and may discard any traffic units received after the limit is reached.
It is then the task of the output trunk policer 212 to forward received traffic units onto the service provider network 104 (FIG. 1). The output trunk policer 212 may have buffers in which to organize received traffic units. For instance, the output trunk policer 212 may have a buffer for traffic units marked E1, a buffer for traffic units marked A1, a buffer for traffic units marked B1 and may simply discard traffic units marked B0.
It may be noted that, as the multi-staged services policer 200 of FIG. 2 will not always be policing EF and AF traffic at their respective full contracted capacities, traffic identified as “Best Effort” may be permitted to burst up to 100 Mbit/s.
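The staged marking and feedback described above can be traced with a short simulation. This is an added example, not code from the patent: it assumes a single one-second window with traffic unit sizes given in Mbit, processes the stages in priority order so that the feedback each stage reads is up to date, uses the B1 option for excess AF traffic, and assumes the output trunk policer treats a B1 unit that no longer fits the aggregate as B0. All function, class and variable names are hypothetical.

```python
from collections import Counter

# Contracted limits from the example SLA, in Mbit per one-second window.
TRUNK, RTP_LIMIT, GAMING_LIMIT, EF_LIMIT, AF_LIMIT = 100, 20, 5, 25, 40


class OutputTrunkPolicer:
    """Final stage: buffers E1/A1/B1 units, discards B0, exposes feedback."""

    def __init__(self, capacity=TRUNK):
        self.capacity = capacity
        self.accepted = Counter()   # Mbit buffered per marking
        self.discarded = 0          # Mbit dropped

    def remaining(self):
        """Feedback to the Best Effort policer: unused part of the trunk."""
        return self.capacity - sum(self.accepted.values())

    def af_received(self):
        """Feedback to the AF policer: A1 traffic already seen, from any stage."""
        return self.accepted["A1"]

    def receive(self, mark, size):
        # Assumption: a B1 unit that no longer fits the aggregate becomes B0.
        if mark == "B1" and size > self.remaining():
            mark = "B0"
        if mark == "B0":
            self.discarded += size
        else:
            self.accepted[mark] += size


def first_stage(units, limit, in_mark, out_mark):
    """RTP or Gaming policer: in_mark up to the contracted limit, out_mark after."""
    used, marked = 0, []
    for size in units:
        if used + size <= limit:
            used += size
            marked.append((in_mark, size))
        else:
            marked.append((out_mark, size))
    return marked


def ef_stage(marked, trunk, limit=EF_LIMIT):
    """EF CoS policer: conforming units first, then R0 ahead of G0."""
    order = {"R1": 0, "G1": 0, "R0": 1, "G0": 2}
    used = 0
    for mark, size in sorted(marked, key=lambda unit: order[unit[0]]):
        if used + size <= limit:
            used += size
            trunk.receive("E1", size)
        else:
            trunk.receive("A1", size)   # excess EF is treated as AF downstream


def af_stage(units, trunk, limit=AF_LIMIT):
    """AF CoS policer: the limit may already be partly used by demoted EF units."""
    for size in units:
        if trunk.af_received() + size <= limit:
            trunk.receive("A1", size)
        else:
            trunk.receive("B1", size)   # over-limit Premium becomes best effort


def be_stage(units, trunk):
    """Best Effort CoS policer: its limit is whatever the trunk reports as free."""
    for size in units:
        trunk.receive("B1" if size <= trunk.remaining() else "B0", size)


def police_window(offered):
    """Run one window of offered load through all stages; return trunk totals."""
    trunk = OutputTrunkPolicer()
    upstream = (first_stage(offered["rtp"], RTP_LIMIT, "R1", "R0")
                + first_stage(offered["gaming"], GAMING_LIMIT, "G1", "G0"))
    ef_stage(upstream, trunk)
    af_stage(offered["premium"], trunk)
    be_stage(offered["best_effort"], trunk)
    return dict(trunk.accepted), trunk.discarded


# Constructed offered loads: lists of 1 Mbit traffic units per class.
CONGESTED = {"rtp": [1] * 24, "gaming": [1] * 8,
             "premium": [1] * 45, "best_effort": [1] * 50}
LIGHT_EF = {"rtp": [1] * 22, "gaming": [1] * 1,
            "premium": [1] * 10, "best_effort": [1] * 90}

if __name__ == "__main__":
    for name, load in (("congested", CONGESTED), ("light EF", LIGHT_EF)):
        print(name, police_window(load))
```

In the congested case the seven excess EF units consume part of the 40 Mbit/s AF limit, so only 33 Mbit of Premium traffic keeps the A1 marking. In the light case Best Effort traffic bursts to 67 Mbit because EF and AF leave the trunk underused.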
Most current services policers operate on a binary, or “black and white”, basis wherein a traffic unit is either allowed to pass through or is discarded. The multiple stages of services policers contemplated by the present invention allow for many more types of service to be considered. Rather than a black and white policing model, the policing model offered by the multi-staged services policer 200 of FIG. 2, in operation as described hereinbefore, may be said to be multicolored, where the “colors” of service are E1, A1 and B1.
As stated hereinbefore, known ATM GCRA policers police on a per VC/VP basis. In contrast, aspects of the present invention can be applied per ATM VC/VP in addition to being applied per Data-link Connection Identifier (DLCI) in a network using Frame Relay and per Label Switched Path (LSP) in a network using IP and Multi-Protocol Label Switching (MPLS), among other applications.
Where the invention is implemented in an edge router, aspects of the architecture of the edge router may be interwoven with the operation of the multi-staged policer. A typical edge router has an array of input line cards, an array of output line cards and a switching fabric for controllably switching traffic units received at a given input line card to a given output line card. Rather than providing all of the services policing capabilities of the multi-staged policer of the present invention in one location within the edge router, the stages may be distributed such that some stages are associated with an input line card and some stages are associated with an output line card. As such, certain of the policing functions may be specific to a customer from which the traffic units are received and certain of the policing functions may be specific to the destination of the traffic units.
Even beyond distributing policing across an edge device, policing may be distributed across the service provider network 104 of FIG. 1. Initial policing may take place at the ingress edge device 108A and final policing may take place at the egress edge device 108B.
While it has been discussed hereinbefore that traffic units may be distinguished, or classified, by the traffic classifier 214 based on a type of content or a marking placed in the traffic unit by the customer, it is also contemplated that traffic may be prioritized by the port on which the traffic unit arrives at the edge device employing an aspect of the present invention. For instance, a single customer may have more than one link to a service provider edge device. The customer may place higher priority traffic units on a particular link or set of links. Further alternatively, where a service provider employs a single multi-staged service policer to police traffic units received from a number of customers, the above mentioned port-based services policing may be used to give certain of the customers (say, those that pay their bills on time) priority over certain others of the customers (say, those whose accounts are in arrears).
While in the exemplary multi-staged services policer discussed hereinbefore, three “colors” of service were considered, as will be apparent to a person skilled in the art, many more may be contemplated. For instance, precedence flags numbered 0-9 may be used to give ten colors of service.
Concepts similar to such precedence flags may be known from other, related networking technologies. For instance, wired Ethernet includes support for Quality of Service (QoS) in the form of 802.1p packet tagging based on the IEEE 802.1D specification, which defines the addition of four bytes to the legacy Ethernet frame format. The defined priority tagging mechanism is known as IEEE 802.1p priority tagging, and it allows for eight levels of priority.
It may be then, that traffic units arrive at a multi-staged services policer with eight levels of priority. It may also be that the traffic units depart the multi-staged services policer with eight levels of priority. However, the levels may not map directly. For instance, if three of eight levels of priority at the output of the multi-staged services policer are reserved for some reason, the eight levels of priority of the incoming traffic units must be mapped to the remaining five levels of priority available in the multi-staged services policer. By appropriately programming individual services policers within the multi-staged services policer, such a mapping may be accomplished.
As discussed hereinbefore, services policing is not limited to an ingress edge device. At an egress edge device, a policing task that may be assigned to a services policer is monitoring of traffic for evidence of a denial of service (DoS) attack. A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. One of the most dangerous forms of Denial of Service attacks is a SYN Attack. Under normal circumstances a computer that initiates a communication session (an initiator) sends a TCP SYN synchronization packet to a receiving server. The receiving server sends back a TCP SYN-ACK packet and then the initiator responds with an ACK acknowledgment. After this handshake, both parties are set to send and receive data.
A SYN Attack floods a targeted system with a series of TCP SYN packets. Each TCP SYN packet causes the targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that should follow the SYN-ACK, the targeted system queues up all outstanding SYN-ACK responses on what is known as a backlog queue. This backlog queue has a finite length that is usually quite small. Once the backlog queue is full, the targeted system will ignore all incoming TCP SYN packets. SYN-ACKs are moved off the queue only when an ACK comes back or when an internal timer (which is set to a relatively long interval) terminates the three-part handshake.
A SYN Attack creates each SYN packet in the flood with a “bad” source IP address, which identifies the original packet. A source IP address is “bad” if it either does not actually exist or is down. All SYN-ACK responses are sent to the source IP address. Therefore, the ACK that should follow a SYN-ACK response will never come back. This creates a backlog queue that is always full, making it nearly impossible for legitimate TCP SYN requests to get into the system. DoS attacks early in the year 2000 disabled several major web sites.
A services policer specifically designed to detect a DoS attack may be arranged to count SYN packets that pass through and discard SYN packets that exceed a pre-set limit in a set time period.
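A minimal sketch of such a SYN-counting policer follows. It is an added example, not code from the patent: it assumes fixed, non-overlapping time periods and keeps one counter per destination address (the description only calls for a count against a pre-set limit). The class name, the trace and the addresses, taken from the 192.0.2.0/24 documentation range, are constructed for illustration.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10   # TCP flag bits


class SynPolicer:
    """Counts initial SYNs per destination per period and discards the excess."""

    def __init__(self, limit, period):
        self.limit = limit      # SYNs allowed per destination in one period
        self.period = period    # period length in seconds
        self.state = defaultdict(lambda: [None, 0])   # dst -> [period index, count]
        self.dropped = defaultdict(int)               # dst -> SYNs discarded

    def police(self, ts, dst, flags):
        """Return 'pass' or 'discard' for one TCP segment seen at time ts."""
        # Only the opening packet of a handshake (SYN set, ACK clear) is counted;
        # SYN-ACKs, ACKs and data segments are never limited by this policer.
        if not (flags & SYN) or (flags & ACK):
            return "pass"
        index = int(ts // self.period)
        entry = self.state[dst]
        if entry[0] != index:           # a new period begins: reset the count
            entry[0], entry[1] = index, 0
        if entry[1] >= self.limit:      # pre-set limit already reached
            self.dropped[dst] += 1
            return "discard"
        entry[1] += 1
        return "pass"


# Constructed trace: (timestamp in seconds, destination address, TCP flags).
CONSTRUCTED_TRACE = [
    (0.00, "192.0.2.10", SYN),
    (0.10, "192.0.2.10", SYN),
    (0.15, "192.0.2.10", SYN | ACK),   # reply direction, not counted
    (0.20, "192.0.2.10", SYN),
    (0.30, "192.0.2.10", SYN),         # fourth SYN in the period
    (0.35, "192.0.2.20", SYN),         # other destination has its own count
    (0.40, "192.0.2.10", ACK),
    (0.90, "192.0.2.10", SYN),
    (1.05, "192.0.2.10", SYN),         # next period
]


def run_constructed_trace(limit=3, period=1.0):
    """Police the constructed trace; return the decisions and the policer."""
    policer = SynPolicer(limit, period)
    decisions = [policer.police(ts, dst, flags)
                 for ts, dst, flags in CONSTRUCTED_TRACE]
    return decisions, policer


if __name__ == "__main__":
    decisions, policer = run_constructed_trace()
    for (ts, dst, flags), decision in zip(CONSTRUCTED_TRACE, decisions):
        print(f"{ts:5.2f} {dst} flags=0x{flags:02x} {decision}")
    print(dict(policer.dropped))
```

With fixed periods, a burst that straddles a period boundary can pass up to twice the limit in quick succession, which matters when the limit is sized against the backlog queue length of the protected server.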
It is an advantage of the multi-staged services policing approach described herein that multiple algorithms may be used to police a given flow of traffic, rather than the single algorithm familiar from use of conventional ATM GCRA policers.
As will be apparent to a person skilled in the art, the traffic classifier 214 (FIG. 2) may be considered a special case of a services policer. Further, the traffic classifier, or an individual services policer, of a given multi-staged services policer employing an aspect of the present invention may look more closely at traffic units than has been previously contemplated in conjunction with Layer 2 policers. In particular, service policing may be performed with a Layer 7 granularity. “Layer 7” is the Application layer of the previously-referenced OSI communication model concerned with end user services. Examples of such services include data traffic using the Simple Mail Transfer Protocol (SMTP), the Hyper-Text Transfer Protocol (HTTP), the Telnet standard, the File Transfer Protocol (FTP), the rlogin standard and the Network File System (NFS) standard. For example, a services policer that is policing at Layer 7 granularity can distinguish World Wide Web traffic (HTTP) from VoIP traffic, and police accordingly. Further, policing, or traffic classification, may be performed based upon “cookies” that may be part of an exchange of HTTP traffic between a client computer in a customer network and a server computer accessed through the service provider network.
Other modifications will be apparent to those skilled in the art and, therefore, the invention is defined in the claims.

Claims (18)

1. A multi-staged services policer comprising:
one or more processors;
a downstream services policer;
a first upstream services policer to:
receive a traffic unit;
analyze said traffic unit;
based on said analysis, transmit said traffic unit to said downstream services policer; and
receive feedback from said downstream services policer; and
a second upstream services policer to transmit traffic units received at said second upstream services policer to said downstream services policer based on an analysis specific to said second upstream services policer,
wherein said downstream services policer is configured to afford a higher priority to traffic units received from said second upstream services policer than to traffic units received from said first upstream services policer.
2. The multi-staged services policer of claim 1 wherein said feedback from said downstream services policer is an indication of available bandwidth.
3. The multi-staged services policer of claim 1 wherein at least one of said services policers is configured to police at an application layer granularity.
4. The multi-staged services policer of claim 1 wherein at least one of said services policers is configured to police at a data link layer granularity.
5. The multi-staged services policer of claim 1 wherein said traffic unit is a Frame Relay frame.
6. The multi-staged services policer of claim 1 wherein said traffic unit is an Internet protocol packet.
7. A method of handling traffic units comprising:
receiving, by a first upstream services policer, a first traffic unit;
analyzing, by the first upstream services policer, said first traffic unit according to a first policy;
based on said analysis, transmitting, by the first upstream services policer, said first traffic unit to a downstream services policer;
processing, by the downstream services policer, the first traffic unit according to a second policy;
receiving, by the first upstream services policer, feedback from said downstream services policer to cause the first upstream services policer to modify analysis by the first upstream services policer of further received traffic units;
receiving a second traffic unit by a second upstream services policer;
analyzing, by the second upstream services policer, said second traffic unit according to a third policy;
based on said analysis of said second traffic unit, transmitting, by the second upstream services policer, said second traffic unit to the downstream services policer,
wherein said downstream services policer affords a higher priority to traffic units received from said second upstream services policer than to traffic units received from said first upstream services policer.
8. The method of claim 7 further comprising:
receiving, by the first upstream services policer, a third traffic unit;
analyzing, by the first upstream services policer, said third traffic unit differently from the analyzing of the first traffic unit in light of said feedback; and
based on said analysis of said third traffic unit, transmitting said third traffic unit to said downstream services policer.
9. A computer readable storage medium embodied with computer-executable instructions which, when executed by a processor in an upstream services policer that is upstream of a downstream services policer, cause the processor to:
receive a first traffic unit;
analyze said first traffic unit according to a first policy regarding processing of data traffic received by the upstream services policer;
based on said analysis, transmit said first traffic unit to said downstream services policer that processes data traffic received by said downstream services policer according to a second, different policy;
receive feedback from said downstream services policer;
receive a second traffic unit;
in response to the received feedback, analyze said second traffic unit differently from analysis of said first traffic unit; and
based on said analysis of said second traffic unit, transmit said second traffic unit to said downstream services policer.
10. A multi-staged services policer comprising:
one or more processors;
a first services policer to police traffic units according to a first policy for a first class of service;
a second services policer to police traffic units according to a second policy for a second class of service; and
a third services policer to receive output from each of said first services policer and said second services policer, wherein the third services policer is configured to afford a higher priority to traffic units received from the first services policer than to traffic units received from the second services policer.
11. The multi-staged services policer of claim 1, wherein the first upstream services policer is to use the feedback from the downstream services policer to cause the first upstream services policer to modify analysis of further traffic units received by the first upstream services policer.
12. A multi-staged services policer comprising:
one or more processors;
a downstream services policer;
a first upstream services policer to:
receive a first traffic unit;
analyze said first traffic unit according to a first policy;
based on said analysis, transmit said first traffic unit to said downstream services policer; and
receive feedback from said downstream services policer, wherein the first upstream services policer is to use the feedback from the downstream services policer to cause the upstream services policer to modify analysis of further traffic units received by the upstream services policer; and
a second upstream services policer to receive second traffic units, analyze the second traffic units according to a second policy, and based on the analysis according to the second policy, transmit the second traffic units to the downstream services policer,
wherein the feedback received by the first upstream services policer from the downstream services policer is in response to receipt of the second traffic units from the second upstream services policer.
13. A multi-staged services policer comprising:
one or more processors;
a first downstream services policer; and
a first upstream services policer to:
receive a first traffic unit;
analyze said first traffic unit according to a first policy;
based on said analysis, transmit said first traffic unit to said first downstream services policer; and
receive feedback from said first downstream services policer;
a second upstream services policer to receive second traffic units, analyze the second traffic units according to a second policy, and based on the analysis of the second traffic units, transmit the second traffic units to the first downstream services policer;
a second downstream services policer; and
a third upstream services policer to receive third traffic units, analyze the third traffic units according to a third policy, and based on the analysis of the third traffic units, transmit the third traffic units to the second downstream services policer,
wherein the first, second, and third policies are for different types of traffic units.
14. The multi-staged services policer of claim 10, wherein the third services policer is to send feedback information to the first services policer in response to the traffic units from the first services policer, wherein the first services policer is configured to respond to the feedback information by modifying analysis of further traffic units received by the first services policer.
15. The multi-staged services policer of claim 10, wherein the third services policer is configured to send feedback information to the second services policer in response to traffic units received from the first services policer, wherein the second services policer is configured to modify analysis of further traffic units received by the second services policer in response to the feedback information.
16. The multi-staged services policer of claim 1, wherein the downstream services policer includes a first of the processors, the first upstream services policer includes a second of the processors, and the second upstream services policer includes a third of the processors.
17. The multi-staged services policer of claim 1, wherein the downstream and first and second upstream services policers are executable on the one or more processors.
18. The method of claim 7, wherein each of the downstream services policer and first and second upstream services policers includes one or more processors.
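The feedback loop of claims 1, 2, 8 and 12, as an added illustration that is not code from the patent: two upstream policers feed one downstream policer, which serves the second (higher-priority) upstream first and reports available bandwidth back to the first. The per-interval byte budget, the class and function names, and the sample traffic are assumptions; the claims do not specify a policing algorithm.

```python
from dataclasses import dataclass, field


@dataclass
class UpstreamPolicer:
    """Edge stage: admits up to `effective` bytes per interval (assumed policy)."""
    limit: int                      # configured ceiling in bytes per interval
    effective: int = field(init=False)
    dropped: int = 0

    def __post_init__(self):
        self.effective = self.limit

    def on_feedback(self, available: int) -> None:
        # Feedback is an indication of available bandwidth (claim 2); it can
        # tighten the analysis of later units but never exceed the policy.
        self.effective = max(0, min(self.limit, available))

    def police(self, units):
        budget, passed = self.effective, []
        for size in units:
            if size <= budget:
                budget -= size
                passed.append(size)
            else:
                self.dropped += size
        return passed


@dataclass
class DownstreamPolicer:
    """Shared stage: serves the second (high-priority) upstream first."""
    capacity: int
    dropped: int = 0

    def process(self, high_units, low_units):
        budget = self.capacity
        admitted = {"high": 0, "low": 0}
        for label, units in (("high", high_units), ("low", low_units)):
            for size in units:
                if size <= budget:
                    budget -= size
                    admitted[label] += size
                else:
                    self.dropped += size
        # Bandwidth left for the low-priority class after high-priority use.
        return admitted, self.capacity - admitted["high"]


def simulate(intervals, capacity=1000, low_limit=800, high_limit=600,
             use_feedback=True):
    first = UpstreamPolicer(low_limit)     # first upstream policer (low priority)
    second = UpstreamPolicer(high_limit)   # second upstream policer (high priority)
    down = DownstreamPolicer(capacity)
    totals = {"high": 0, "low": 0}
    forwarded_low = []
    for low_units, high_units in intervals:
        low_out = first.police(low_units)
        high_out = second.police(high_units)
        admitted, available = down.process(high_out, low_out)
        if use_feedback:
            first.on_feedback(available)   # applies to the next interval's units
        forwarded_low.append(sum(low_out))
        totals["high"] += admitted["high"]
        totals["low"] += admitted["low"]
    return {"forwarded_low": forwarded_low, "admitted": totals,
            "edge_drops_low": first.dropped, "downstream_drops": down.dropped}


# Constructed sample: (low-priority units, high-priority units) per interval, in bytes.
SAMPLE = [
    ([100] * 10, []),
    ([100] * 10, [100] * 6),
    ([100] * 10, [100] * 6),
    ([100] * 10, []),
]

if __name__ == "__main__":
    for flag in (False, True):
        print("feedback" if flag else "no feedback", simulate(SAMPLE, use_feedback=flag))
```

On this sample, feedback halves the bytes the downstream stage has to discard and leaves high-priority throughput unchanged. The cost is lag: in the last interval the first upstream still applies the reduced budget, so some downstream capacity goes unused.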
US10/645,489 2003-01-17 2003-08-22 Multi-staged services policing Expired - Fee Related US7965717B2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US10/645,489 US7965717B2 (en) 2003-01-17 2003-08-22 Multi-staged services policing
PCT/CA2004/000019 WO2004066565A1 (en) 2003-01-17 2004-01-14 Multi-staged services policing
US13/164,227 US20110242981A1 (en) 2003-01-17 2011-06-20 Multi-staged services policing

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US44062503P 2003-01-17 2003-01-17
US10/645,489 US7965717B2 (en) 2003-01-17 2003-08-22 Multi-staged services policing

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US13/164,227 Continuation US20110242981A1 (en) 2003-01-17 2011-06-20 Multi-staged services policing

Publications (2)

Publication Number Publication Date
US20040141462A1 US20040141462A1 (en) 2004-07-22
US7965717B2 true US7965717B2 (en) 2011-06-21

Family

ID=32718182

Family Applications (2)

Application Number Title Priority Date Filing Date
US10/645,489 Expired - Fee Related US7965717B2 (en) 2003-01-17 2003-08-22 Multi-staged services policing
US13/164,227 Abandoned US20110242981A1 (en) 2003-01-17 2011-06-20 Multi-staged services policing

Country Status (2)

Country Link
US (2) US7965717B2 (en)
WO (1) WO2004066565A1 (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7698456B2 (en) * 2003-09-29 2010-04-13 Cisco Technology, Inc. Methods and apparatus to support routing of information
US7769875B1 (en) * 2004-08-03 2010-08-03 Juniper Networks, Inc. Managing a network flow using application classification information and active signaling relay
US7623535B2 (en) * 2004-09-09 2009-11-24 Cisco Technology, Inc. Routing protocol support for half duplex virtual routing and forwarding instance
US7636304B2 (en) * 2005-03-30 2009-12-22 Cisco Technology, Inc. System and method for performing distributed policing
ITMI20052238A1 (en) * 2005-11-23 2007-05-24 Marconi Comm Spa A METHOD AND A PACKAGE TRANSPORTATION SCHEME FOR THE CREATION OF DISTRIBUTED PILICING MECHANISMS
US7672336B2 (en) * 2006-12-01 2010-03-02 Sonus Networks, Inc. Filtering and policing for defending against denial of service attacks on a network
US7804774B2 (en) * 2006-12-01 2010-09-28 Sonus Networks, Inc. Scalable filtering and policing mechanism for protecting user traffic in a network
US7940657B2 (en) * 2006-12-01 2011-05-10 Sonus Networks, Inc. Identifying attackers on a network
US8320249B2 (en) * 2007-03-07 2012-11-27 Broadcom Corporation Method and system for controlling network access on a per-flow basis
US8203953B2 (en) * 2007-10-30 2012-06-19 Cisco Technology, Inc. Bi-directional policer for data rate enforcement over half-duplex mediums
US8553554B2 (en) * 2008-05-16 2013-10-08 Alcatel Lucent Method and apparatus for providing congestion control in radio access networks
US20090296613A1 (en) * 2008-06-03 2009-12-03 Colin Kahn Method and apparatus for providing quality-of-service in radio access networks
US8503432B2 (en) * 2008-09-30 2013-08-06 Alcatel Lucent Method and apparatus for signaling proprietary information between network elements of a core network in a wireless communication network
US8027255B2 (en) * 2008-09-30 2011-09-27 Alcatel Lucent Method and apparatus for prioritizing packets for use in managing packets in radio access networks

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7796608B2 (en) * 2001-03-20 2010-09-14 Verizon Business Global Llc Edge-based per-flow QoS admission control in a data network
US7209439B2 (en) * 2001-03-20 2007-04-24 Mci, Llc Pool-based resource management in a data network
US7127508B2 (en) * 2001-12-19 2006-10-24 Tropic Networks Inc. Method and system of measuring latency and packet loss in a network by using probe packets

Patent Citations (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5953317A (en) * 1993-12-06 1999-09-14 Hitachi, Ltd. Policing circuit and policing method
US6072989A (en) * 1996-10-23 2000-06-06 Alcatel Method to determine a scheduled rate value to be used in a policing algorithm, and related policing device
US7106731B1 (en) * 1997-12-31 2006-09-12 Cisco Technology, Inc. Router with class of service mapping
US6463068B1 (en) * 1997-12-31 2002-10-08 Cisco Technologies, Inc. Router with class of service mapping
US6614790B1 (en) * 1998-06-12 2003-09-02 Telefonaktiebolaget Lm Ericsson (Publ) Architecture for integrated services packet-switched networks
US6618356B1 (en) * 1999-02-16 2003-09-09 Alcatel Method for policing data traffic, a data traffic policer realizing such a method and a telecommunication network including such a policer
US6633540B1 (en) * 1999-07-02 2003-10-14 Nokia Internet Communications, Inc. Real-time traffic shaper with keep-alive property for best-effort traffic
US6680933B1 (en) * 1999-09-23 2004-01-20 Nortel Networks Limited Telecommunications switches and methods for their operation
US7751402B2 (en) * 1999-12-29 2010-07-06 Intel Corporation Method and apparatus for gigabit packet assignment for multithreaded packet processing
US7480706B1 (en) * 1999-12-30 2009-01-20 Intel Corporation Multi-threaded round-robin receive for fast network port
US7215637B1 (en) * 2000-04-17 2007-05-08 Juniper Networks, Inc. Systems and methods for processing packets
US6404737B1 (en) 2000-08-10 2002-06-11 Ahead Communications Systems, Inc. Multi-tiered shaping allowing both shaped and unshaped virtual circuits to be provisioned in a single virtual path
US7027394B2 (en) * 2000-09-22 2006-04-11 Narad Networks, Inc. Broadband system with traffic policing and transmission scheduling
US6822940B1 (en) * 2000-09-29 2004-11-23 Cisco Technology, Inc. Method and apparatus for adapting enforcement of network quality of service policies based on feedback about network conditions
US7499400B2 (en) * 2000-10-03 2009-03-03 U4Ea Technologies Limited Information flow control in a packet network based on variable conceptual packet lengths
WO2002030064A1 (en) 2000-10-03 2002-04-11 U4Ea Technologies Limited Information flow control in a packet network based on variable conceptual packet lengths
US7054930B1 (en) * 2000-10-26 2006-05-30 Cisco Technology, Inc. System and method for propagating filters
US7065084B2 (en) * 2000-12-09 2006-06-20 Samsung Electronics Co., Ltd. Data structure for implementation of traffic engineering function in multiprotocol label switching system and storage medium for storing the same
US20040068577A1 (en) * 2000-12-12 2004-04-08 Jussi Ruutu Method for controlling a stream of data packets in a packet data communication network
US7123583B2 (en) * 2001-01-25 2006-10-17 Ericsson Ab Dual use rate policer and re-marking logic
US7069337B2 (en) * 2001-03-20 2006-06-27 Mci, Inc. Policy-based synchronization of per-class resources between routers in a data network
US20020191543A1 (en) 2001-05-04 2002-12-19 Terago Communications, Inc. System and method for policing multiple data flows and multi-protocol data flows
US6901052B2 (en) * 2001-05-04 2005-05-31 Slt Logic Llc System and method for policing multiple data flows and multi-protocol data flows
US7266606B2 (en) * 2001-06-29 2007-09-04 Tropic Networks Inc. Cascaded policing systems and methods
US6981052B1 (en) * 2001-12-07 2005-12-27 Cisco Technology, Inc. Dynamic behavioral queue classification and weighting
US7227840B1 (en) * 2002-03-18 2007-06-05 Juniper Networks, Inc. High performance probabilistic rate policer
US7215674B1 (en) * 2002-04-22 2007-05-08 Cisco Technology, Inc. Supporting applications sensitive to data loss on switched virtual circuits (SVCs)
US7155502B1 (en) * 2002-06-17 2006-12-26 Packeteer, Inc. Methods, apparatuses and systems facilitating distribution of updated traffic identification functionality to bandwidth management devices
US20060265514A1 (en) * 2002-09-26 2006-11-23 Cisco Technology, Inc., A California Corporation Quality of service in a gateway
US7130917B2 (en) * 2002-09-26 2006-10-31 Cisco Technology, Inc. Quality of service in a gateway
US7328274B2 (en) * 2002-09-26 2008-02-05 Cisco Technology, Inc. Quality of service in a gateway
US7385954B2 (en) * 2003-07-16 2008-06-10 Lucent Technologies Inc. Method of transmitting or retransmitting packets in a communication system
US20050157728A1 (en) * 2004-01-15 2005-07-21 Marika Kawano Packet relay device
US20080025218A1 (en) * 2004-08-05 2008-01-31 Enhui Liu Method, Apparatus, Edge Router and System for Providing Qos Guarantee
US20080192636A1 (en) * 2005-02-07 2008-08-14 Briscoe Robert J Policing Networks
US7609634B2 (en) * 2005-03-22 2009-10-27 Alcatel Lucent Communication traffic policing apparatus and methods
US20070086483A1 (en) * 2005-10-02 2007-04-19 Eci Telecom Dnd, Inc. Method and system for policing binary flows in a switching device
US20080219160A1 (en) * 2007-03-09 2008-09-11 Man Trinh Programmable hardware-based traffic policing
US20090109847A1 (en) * 2007-10-30 2009-04-30 Cisco Technology Inc. Bi-Directional Policer for Data Rate Enforcement over Half-Duplex Mediums

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070143848A1 (en) * 2005-12-16 2007-06-21 Kraemer Jeffrey A Methods and apparatus providing computer and network security for polymorphic attacks
US20070143847A1 (en) * 2005-12-16 2007-06-21 Kraemer Jeffrey A Methods and apparatus providing automatic signature generation and enforcement
US20070256127A1 (en) * 2005-12-16 2007-11-01 Kraemer Jeffrey A Methods and apparatus providing computer and network security utilizing probabilistic signature generation
US20100242111A1 (en) * 2005-12-16 2010-09-23 Kraemer Jeffrey A Methods and apparatus providing computer and network security utilizing probabilistic policy reposturing
US8255995B2 (en) * 2005-12-16 2012-08-28 Cisco Technology, Inc. Methods and apparatus providing computer and network security utilizing probabilistic policy reposturing
US8413245B2 (en) 2005-12-16 2013-04-02 Cisco Technology, Inc. Methods and apparatus providing computer and network security for polymorphic attacks
US8495743B2 (en) 2005-12-16 2013-07-23 Cisco Technology, Inc. Methods and apparatus providing automatic signature generation and enforcement
US9286469B2 (en) 2005-12-16 2016-03-15 Cisco Technology, Inc. Methods and apparatus providing computer and network security utilizing probabilistic signature generation
US20110141221A1 (en) * 2009-12-14 2011-06-16 At&T Intellectual Property I, L.P. Video Conference System and Method Using Multicast and Unicast Transmissions
US8411129B2 (en) * 2009-12-14 2013-04-02 At&T Intellectual Property I, L.P. Video conference system and method using multicast and unicast transmissions
US9077852B2 (en) 2009-12-14 2015-07-07 At&T Intellectual Property I, L.P. Video conference system

Also Published As

Publication number Publication date
US20040141462A1 (en) 2004-07-22
US20110242981A1 (en) 2011-10-06
WO2004066565A1 (en) 2004-08-05

Legal Events

Date Code Title Description
AS Assignment

Owner name: NORTEL NETWORKS LIMITED, CANADA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MISTRY, NALIN;BARBIR, ABDULKADEV;DING, WAYNE;REEL/FRAME:014429/0402

Effective date: 20030729

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: ROCKSTAR BIDCO, LP, NEW YORK

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:NORTEL NETWORKS LIMITED;REEL/FRAME:027164/0356

Effective date: 20110729

AS Assignment

Owner name: ROCKSTAR CONSORTIUM US LP, TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ROCKSTAR BIDCO, LP;REEL/FRAME:030422/0888

Effective date: 20120509

FPAY Fee payment

Year of fee payment: 4

AS Assignment

Owner name: RPX CLEARINGHOUSE LLC, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ROCKSTAR CONSORTIUM US LP;ROCKSTAR CONSORTIUM LLC;BOCKSTAR TECHNOLOGIES LLC;AND OTHERS;REEL/FRAME:034924/0779

Effective date: 20150128

AS Assignment

Owner name: JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT, IL

Free format text: SECURITY AGREEMENT;ASSIGNORS:RPX CORPORATION;RPX CLEARINGHOUSE LLC;REEL/FRAME:038041/0001

Effective date: 20160226

AS Assignment

Owner name: RPX CORPORATION, CALIFORNIA

Free format text: RELEASE (REEL 038041 / FRAME 0001);ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:044970/0030

Effective date: 20171222

Owner name: RPX CLEARINGHOUSE LLC, CALIFORNIA

Free format text: RELEASE (REEL 038041 / FRAME 0001);ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:044970/0030

Effective date: 20171222

AS Assignment

Owner name: JEFFERIES FINANCE LLC, NEW YORK

Free format text: SECURITY INTEREST;ASSIGNOR:RPX CLEARINGHOUSE LLC;REEL/FRAME:046485/0644

Effective date: 20180619

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20190621

AS Assignment

Owner name: RPX CLEARINGHOUSE LLC, CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JEFFERIES FINANCE LLC;REEL/FRAME:054305/0505

Effective date: 20201023